DNS: Single Level Domain Not Resolving

Infoblox is acting as our main DNS servers in our environment.  We have a few single level domains that are still being used for the time being until we can get them migrated to the new one.


Our problem that we found this morning was when someone tried to join the server to this domain, it failed.


We got to looking and noticed we did not have the three domain controllers added to our ACL list for Updates.  We have since added that, but still appear to have the same problem.


When we do an NSLOOKUP on our machine locally, we get an error saying the domain does not exist, but it clearly does.


*** can't find cfa-abc: Non-existent domain


I can run a DIG directly on the Infoblox devices:


;cfa-abc.                     IN      A

cfa-abc.              600     IN      A
cfa-abc.              600     IN      A
cfa-abc.              600     IN      A

;; Query time: 1 msec
;; WHEN: Thu Mar 17 11:47:18 2016
;; MSG SIZE  rcvd: 75

I also verified that the A records of the DCs also exist for the zone.


I already have a ticket open with support, but thought I would see if anyone else had any suggestions.


Re: DNS: Single Level Domain Not Resolving

Community Manager
If the DCs were also the original DNS servers, they may not have realised that the nameservers have changed.


Try clearing things out with these commands:


  dnscmd /resetforwarders

  ipconfig /registerdns


It would also help to know the delegation path for the zones you are querying, and who is authoritative for the delegation points. What are the DCs using as their resolvers?


Are they querying through resolvers that are authoritative for a parent domain and don't know about the delegation?


'dig +trace' is often the way to track this, but you MUST point the dig at the nameserver in the client resolver list, not the Infoblox or some other random nameserver that may have the correct view of things.



Re: DNS: Single Level Domain Not Resolving

zone "cfa-abc" in { # cfa-abc
	type master;
	database infoblox_zdb;
	masterfile-format raw;
	file "azd/";
	allow-update { key DHCP_UPDATER_default;;;;  };
	notify yes;

The zone we are trying to resolve is the Authoritative Zone on Infoblox.  I should be able to run a simple nslookup of cfa-abc on my machine and resolve to an IP address and it isn't.

Re: DNS: Single Level Domain Not Resolving

We noticed that everything resolves fine from linux boxes.

On Windows, however, we have a set of prefixes. So when looking up cfa-abc, it goes through the list and tries to add a suffix to it. So it is trying to look up "".


If I append a period to the end of it, it ignores the suffixes and resolves correctly.


> cfa-abc.

Name:    cfa-abc
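
The behaviour described in this post, as an added example that is not part of the original thread: a simplified Python model of how a client expands a relative single-label name with a suffix search list, and why a trailing period bypasses the list. The suffixes, the 192.0.2.10 address and the `try_as_is_last` switch (standing in for a resolver that also queries the bare name once the list is exhausted) are assumptions made for illustration.

```python
# Simplified model of stub-resolver name expansion (added illustration).
# The zone data and suffixes are constructed; the address is from TEST-NET-1.
ZONE = {"cfa-abc.": "192.0.2.10"}                # constructed authoritative data
SUFFIXES = ["corp.example.com", "example.com"]   # hypothetical search list


def candidates(name, suffixes, try_as_is_last):
    """Return the fully qualified names the client would query, in order."""
    if name.endswith("."):
        # Trailing dot: the name is already absolute, so no suffix is appended.
        return [name]
    out = [f"{name}.{suffix}." for suffix in suffixes]
    if try_as_is_last:
        # Assumed behaviour of a resolver that falls back to the bare name.
        out.append(name + ".")
    return out


def resolve(name, suffixes, try_as_is_last=False, zone=ZONE):
    """Walk the candidates; return (answer or None, names actually queried)."""
    queried = []
    for fqdn in candidates(name, suffixes, try_as_is_last):
        queried.append(fqdn)
        answer = zone.get(fqdn.lower())   # DNS names compare case-insensitively
        if answer is not None:
            return answer, queried
    return None, queried                  # every candidate was a non-existent name


if __name__ == "__main__":
    cases = [
        ("suffix list only", "cfa-abc", False),
        ("trailing period", "cfa-abc.", False),
        ("bare name tried last", "cfa-abc", True),
    ]
    for label, name, as_is in cases:
        answer, queried = resolve(name, SUFFIXES, try_as_is_last=as_is)
        result = answer if answer else "Non-existent domain"
        print(f"{label:22} {name:9} -> {result}  (queried: {', '.join(queried)})")
```

The list of queried names is the thing to compare against the DNS server's query log: if only suffixed names appear there, the zone itself is not what is failing.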

Re: DNS: Single Level Domain Not Resolving

I don't think AD works too well with a single label domain name, for instance it could revert to using NetBIOS rather than DNS, so if your WINS environment (remember that?) is not configured properly you could have failures. Also I believe Windows will not do DDNS updates if a single label domain is in use.


Have a look at this Microsoft article for various issues associated with this...



